⚡︎ OVER 3,000 OFFERS CLAIMED! ⚡︎

Apple has confirmed a critical vulnerability in its devices that allowed malicious actors to execute remote code through web-based JavaScript, creating a potential threat to users’ cryptocurrency security.

The exploit, detailed in a recent Apple security disclosure, affected JavaScriptCore and WebKit software, which are essential components for processing web content.

The firm urged users to update their devices to the latest software versions to mitigate the risk.

Apple Vulnerability Actively Exploited

The vulnerability, uncovered by Google’s Threat Analysis Group, could enable “processing maliciously crafted web content,” leading to cross-site scripting attacks.

Apple acknowledged that the issue may have been actively exploited on Intel-based Mac systems, heightening concerns about its impact.

The flaw wasn’t limited to Macs; iPhone and iPad users were also at risk. Apple disclosed that the vulnerability in JavaScriptCore could lead to arbitrary code execution if users accessed harmful websites.

A software update has been released to address the issue.

Jeremiah O’Connor, CTO of crypto cybersecurity firm Trugard, warned that unpatched devices could expose sensitive data such as private keys and passwords stored in browsers, making cryptocurrency theft a tangible threat.

“Attackers could gain access to sensitive data, which poses significant risks to crypto users,” O’Connor said.

The crypto community swiftly responded to the revelations.

Former Binance CEO Changpeng Zhao urged users of Intel-based MacBooks to update their systems immediately, raising the alarm on social media.

This incident follows earlier reports of vulnerabilities in Apple’s M-series chips (M1, M2, and M3).

These chips were found to have a flaw in the prefetching process, a feature designed to enhance performance.

Security researchers discovered that prefetching could be exploited to store sensitive data in the processor’s cache, enabling attackers to reconstruct cryptographic keys.

Unlike the JavaScriptCore vulnerability, chip-level flaws cannot be addressed through software updates.

While workarounds exist, they often involve a trade-off between device performance and security.

Apple’s latest disclosures highlight the growing intersection of cybersecurity and cryptocurrency, emphasizing the critical need for timely updates to safeguard sensitive data in an increasingly digital world.

Cthulhu Stealer Malware Targets Apple Users

In August, Cybersecurity firm Cado Security warned Apple Mac users regarding a new malware variant named “Cthulhu Stealer,” designed to steal personal information and target cryptocurrency wallets.

“While MacOS has a reputation for being secure, macOS malware has been trending up in recent years,” the firm stated.

The Cthulhu Stealer malware masquerades as legitimate software, such as CleanMyMac or Adobe GenP, appearing in the form of an Apple disk image (DMG).

Once users download and open this file, they are prompted to enter their password through macOS’s command-line tool, which runs AppleScript and JavaScript.

After the initial password is entered, the malware prompts for a second password, specifically targeting the Ethereum wallet MetaMask.

The rise of Cthulhu Stealer and other similar threats, like the AMOS malware that clones Ledger Live software, has prompted Apple to take action.

The tech giant recently announced updates to its macOS, making it more difficult for users to bypass Gatekeeper protections that ensure only trusted applications are run.

The post Apple Admits to Remote Code Exploit That Threatened Crypto Security appeared first on Cryptonews.

Leave a Reply

Your email address will not be published. Required fields are marked *

Responsible Gaming

Gambling can turn into an addiction and that’s why you should always make use of the responsible gambling tools made available to you by online operators to help you stay in control of the time and expenditure you invest in online gaming. By law, online operators licensed by the Gambling Commission of Great Britain must provide you with information about responsible gambling and it is their responsibility to create a legal, fair and reliable environment, where players can enjoy the thrill of an online casino. The Gambling Commission of Great Britain licenses and regulates businesses that offer gambling to persons in Great Britain. Our mission is to provide you with only the best online slots experience and that means only reviewing and recommending sites that are licensed to operate by the Gambling Commission.